North American Network Operators Group

Re: [Full-disclosure] what can be done with botnet C&C's?
I hate to stir the flames again, but this idea sounds a lot like RBLs. :)

All kidding aside, I'm curious as to when we will reach the point where the devices of our networks will be able to share information regarding sporadic bursts or predefined traffic patterns in network traffic within a certain time frame, determine it is a related outgoing (or incoming) attack, and mitigate/stop the traffic. I think it certainly is possible to accomplish this on a per-router level, but being able to have the devices communicate and share information between one another is a completely separate thing. (New protocol perhaps.)

The only real method that I really have in my toolkit to stop incoming DDoS on an AS-wide perspective is originating a /32 within an AS with a next-hop of a discard interface. Something similar to that nature but more flexible and designed for the sole purpose of preventing/stopping abuse would be a very nice feature.

Cheers.
-Michael

--
Michael Nicks
Network Engineer
KanREN
e: [email protected]
o: +1-785-856-9800 x221
m: +1-913-378-6516

Payam Tarverdyan Chychi wrote:
> I’ve been reading on this subject for the last several weeks and it seems as if everyone just likes to come up with out of the box ideas that are not realistic for today’s network environments
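The mitigation the message describes (originating a /32 inside the AS with a discard next hop) is sketched below as an added example; it is not part of the original message or of KanREN's configuration. Cisco IOS-style syntax is an assumption, and AS 64500, 192.0.2.1, 203.0.113.10 and tag 666 are constructed documentation values.

```cisco
! Added example, not from the original message.
! Assumptions: IOS-style syntax, iBGP between the trigger and all edge routers.
! Constructed values: AS 64500, discard next hop 192.0.2.1,
! attacked host 203.0.113.10, route tag 666.
!
! --- On every edge router: pre-provision the discard next hop ---
! Any BGP route whose next hop is 192.0.2.1 now resolves to Null0.
ip route 192.0.2.1 255.255.255.255 Null0
!
interface Null0
 ! Do not answer dropped packets with ICMP unreachables during a flood.
 no ip unreachables
!
! --- On the trigger router: originate tagged statics into iBGP ---
router bgp 64500
 redistribute static route-map RTBH-TRIGGER
!
route-map RTBH-TRIGGER permit 10
 ! Only statics carrying the agreed tag become blackhole announcements.
 match tag 666
 ! Rewrite the next hop to the address every edge router discards.
 set ip next-hop 192.0.2.1
 ! Prefer the blackhole route over any other path to the same /32.
 set local-preference 200
 set origin igp
 ! Keep the /32 inside the AS; never leak it to eBGP peers.
 set community no-export
!
! Untagged static routes are not redistributed by this policy.
route-map RTBH-TRIGGER deny 20
!
! --- During an attack: one line on the trigger router ---
! The /32 propagates over iBGP and every edge router drops traffic to it.
ip route 203.0.113.10 255.255.255.255 Null0 tag 666
!
! To lift the blackhole, remove that static route with the "no" form
! of the same command on the trigger router.
```

This drops all traffic to the attacked address at every edge, legitimate or not, so it protects the rest of the network at the cost of that one host's reachability.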